How to Encrpyt message using PGPY in Python3

Question

I have tried following code to encrypt plaintext message using public key and getting an error.

import pgpy

key,_  = pgpy.PGPKey.from_file('public_key.asc')

data = "This is simple message"
msg = pgpy.PGPMessage.new(data, cleartext=True)

encrypted_message = key.encrypt(msg)
print (encrypted_message)

Error -

Traceback (most recent call last):
  File "pgp_encrypt.py", line 8, in <module>
    encrypted_message = key.encrypt(msg)
  File "/home/<path>/.local/lib/python3.8/site-packages/pgpy/decorators.py", line 125, in _action
    with self.usage(key, kwargs.get('user', None)) as _key:
  File "/usr/lib/python3.8/contextlib.py", line 113, in __enter__
    return next(self.gen)
  File "/home/<path>/.local/lib/python3.8/site-packages/pgpy/decorators.py", line 96, in usage
    raise PGPError("Key {keyid:s} does not have the required usage flag {flags:s}".format(**em))
pgpy.errors.PGPError: Key 2F0B2A386761A2B8 does not have the required usage flag EncryptStorage, EncryptCommunications

I have followed examples from this link - https://pgpy.readthedocs.io/en/latest/examples.html

Answer 1

To add to the above, here's an example that works in a single run and that doesn't require saving the key to a file. Of course, in real life, you would want to save the key to a file as @krishna reddy has assumed. But if you just want to see how the API is utilized I recommend looking at the following:

from pgpy import PGPUID, PGPKey, PGPMessage
from pgpy.constants import (
    PubKeyAlgorithm,
    KeyFlags,
    HashAlgorithm,
    SymmetricKeyAlgorithm,
    CompressionAlgorithm,
)

# 1. Recipient sets up user, and generates a key for that user
uid = PGPUID.new("Abraham Lincoln", comment="Honest Abe", email="abraham.lincoln@whitehouse.gov")
key = PGPKey.new(PubKeyAlgorithm.RSAEncryptOrSign, 4096)
key.add_uid(
    uid,
    usage={KeyFlags.Sign, KeyFlags.EncryptCommunications, KeyFlags.EncryptStorage},
    hashes=[HashAlgorithm.SHA256, HashAlgorithm.SHA384, HashAlgorithm.SHA512, HashAlgorithm.SHA224],
    ciphers=[SymmetricKeyAlgorithm.AES256, SymmetricKeyAlgorithm.AES192, SymmetricKeyAlgorithm.AES128],
    compression=[
        CompressionAlgorithm.ZLIB,
        CompressionAlgorithm.BZ2,
        CompressionAlgorithm.ZIP,
        CompressionAlgorithm.Uncompressed,
    ],
)
# Typically, recipient then saves the key information to a file on their server

# 2. Recipient publishes the public key.
print(f"public key:\n{key.pubkey}")

# 3. Sender retrieves pubkey.
#  Here we use `from_blob`. But typically you'd use `from_file`:
pubkey, _ = PGPKey.from_blob(str(key.pubkey))


# 4. Sender prepares a message
message = PGPMessage.new("Hello PGP! You're so Clever!!!!")
print(f"plaintext: [{message.message}]")

# 5. Sender encrypts the message using the public key
ciphertext = str(pubkey.encrypt(message))
print(f"cipherbytes: [{ciphertext}]")

# 6. Sender sends the ciphertext
# ...

# key below would typically be reconstructed from its saved file
# 7. Recipient decrypts the cyphertext
cipher_msg = PGPMessage.from_blob(ciphertext)
decrypted = key.decrypt(cipher_msg).message
print(f"decrypted: [{decrypted}]")

assert decrypted == message.message

Running the script results in output like the following:

public key:
-----BEGIN PGP PUBLIC KEY BLOCK-----

xsFNBGFMqcABEADJaKvhmgNVqwWOAL8h/tdD9ESlGd0PUquJDenbvEwv1VH7EIWa
nB8fOb/klBeauN9RSzL7VGaCpMvm5Rjz+Z8Cx4mB5yGkABtEdGSvdR3U8z11L5bF

... etc ...

nq/nCRHynRTk7WDnm5AM29mdGE5dd7C9wH6OodY7jXFnPAJZM7a75++XHsCwgoc+
2XdmnSXkFKQT9JIP4VEfV8pqKgBiwE5pQTYPGQ==
=cfgq
-----END PGP PUBLIC KEY BLOCK-----

plaintext: [Hello PGP! You're so Clever!!!!]
ciphertext: [<IntegrityProtectedSKEDataV1 [tag 18][v1] at 0x1021b81f0>]
decrypted: [Hello PGP! You're so Clever!!!!]

Answer 2

Only private key is being used to both decrypt and encrypt in this example.

To encrypt a simple message:

import pgpy
from pgpy.constants import PubKeyAlgorithm, KeyFlags, HashAlgorithm, SymmetricKeyAlgorithm, CompressionAlgorithm
import json
import warnings

key_decrypt,_  = pgpy.PGPKey.from_file('priv.asc')


data = "Encrypt this"

def pgpy_create_key(key):
    warnings.filterwarnings("ignore")
    uid = pgpy.PGPUID.new('user', email='user@example.gov')
    with key.unlock(""):
        key.add_uid(uid, usage={KeyFlags.Sign, KeyFlags.EncryptCommunications, KeyFlags.EncryptStorage},
                    hashes=[HashAlgorithm.SHA256, HashAlgorithm.SHA384, HashAlgorithm.SHA512, HashAlgorithm.SHA224],
                    ciphers=[SymmetricKeyAlgorithm.AES256, SymmetricKeyAlgorithm.AES192, SymmetricKeyAlgorithm.AES128],
                    compression=[CompressionAlgorithm.ZLIB, CompressionAlgorithm.BZ2, CompressionAlgorithm.ZIP, CompressionAlgorithm.Uncompressed])
    return key

key_encrypt = pgpy_create_key(key_decrypt)


def pgpy_encrypt(key, data):
    message = pgpy.PGPMessage.new(data)
    enc_message = key.pubkey.encrypt(message)
    return bytes(enc_message)


pgpy_enc = pgpy_encrypt(key_encrypt, json.dumps(data))
print (pgpy_enc)

To decrypt a message:

import pgpy
import json

key_decrypt,_  = pgpy.PGPKey.from_file('priv.asc')

encrypted_data =b"\xc1\xc0L\x03/\x0b*8ga\xa2\xb8\x01\x07\xfb\x074\xf3\x06\x17Cu\xcf\xc7q\xe0\xbcn`}\xcc\xb1\xbe\x02\xd0\xf9X^\xbf\x836{-9\xd6\x0b\xe3\x9f\x82\xf0\xfc4\x83\xec\xcb\x95\x06\x9e\xd5e\xf5\x7fo\xf2\x99\x07\xa9\xe5\x958\x88\xf5U\x83\x00\xa8\x99\xa38\x1ec\x8a\x87d\xf9\xd7\x94\xeb\xfej\xf5G\xa2\xd6\xc9\xde[N|1\x08Lb\x95\xc6\x1c\xf6!\xb1\xe4TL\x08\x9a:\xbd5\xa3\xfc\xb5m\x94\xea\xff\r\x07Z3\xe7Q\xb9\x05ya!\xab\x1d_H\x82\xa4\x91\xeb\n \xe6\xe4\x90h\x1f\x8f\xcbA\xff\xcau\xa0i\xb35)\xe6\x1b\x07\x18_\xdf\x8a\x12EH\xbaec\xd9^\xbf\xa5\x88\xe26T\x94\xc8AS(\xc0\xbd\x1b\xba\xff\xd2a\xe4q\xa2\x850\xca\xc88-@3\xd3<\xfc\xe1\xce\xd3\xbf\x1d`JoK#\xb7%\x93\xb2\xb8nZ\xdfs\xf8\xae\xf4\xff\xc9\xf9Kl\x0f\xf9v\x1a{\xa2N\x82X\xb7D\x0e\xf9\xef~\x9b\xa56\x11\xf2\x8f\x0c?*\xa1\n\xd5\xad\x13\x08\x8ak\xeb6_\xac\xd2D\x01\xae)a[+3c*\xd1'\n\n\x06\xa9J\n\x8a\xe2\xca{\xa7\x8b$\xd9\xa6\xbas\xeb\xb4d-\x10\xd7\xeb\xc5\xb4\x12\xa89\xda\xec\xc6\x89g\xf9\xf9\xf9-'\xc0\xc2\xba\xaei\x03\r\xaa\xfc\xfa\x0e\x08\x9a\xc3\x8c\xa9A-"

def pgpy_decrypt(key, enc_data):
    message = pgpy.PGPMessage.from_blob(enc_data)
    with key.unlock(""):
        return (key.decrypt(message).message)


decrypted_data = pgpy_decrypt(key_decrypt, encrypted_data)
print (decrypted_data)